1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Resolved Exchange help

Discussion in 'Software' started by Theprof, Sep 6, 2009.

  1. Theprof

    Theprof Petabyte Poster Forum Leader

    4,570
    68
    196
    Hello,

    Over the weekend I've installed and configured exchange and I am stuck at a point where I can't send out emails externally or receive emails from external addresses.

    Here's what I've setup:

    1. I have a registered domain name with GoDaddy.com
    2. Because my AD domain name is different from that of GoDaddy.com, I went into recipient policy and modified the default policy to add the new smtp domain name I use with GoDaddy and enabled it. Then I did apply this policy now.
    3. Went to recipient update services and did the update now.
    4. I went to protocols-smtp-default smtp virtual server and added the external DNS addresses.
    5. I also created an smtp connector mail.mydomainname.com
    6. On the GoDaddy side of things:
    -
    A record: mail.mydomainname.com my external static IP address
    MX record: domainname.com mail.domainname.com

    7. I also made sure to port forward the smtp on my router to the exchange server. Of course my exchange server has the static IP address and it is also running in ESXi....

    if I do a delete with NDR from the queue I get " This message was rejected due to the current administrative policy by the destination server."

    When I goggled it I would get something like the smtp port is being blocked.

    If I send an email from gmail, it bounces back with a DNS error.

    I've spent maybe two days on this and still can't get it to work. Hopefully someone can help me with this.


    Thank you.
     
    Last edited: Sep 7, 2009
    Certifications: A+ | CCA | CCAA | Network+ | MCDST | MCSA | MCP (270, 271, 272, 290, 291) | MCTS (70-662, 70-663) | MCITP:EMA | VCA-DCV/Cloud/WM | VTSP | VCP5-DT | VCP5-DCV
    WIP: VCAP5-DCA/DCD | EMCCA
  2. zebulebu

    zebulebu Terabyte Poster

    3,748
    330
    187
    Couple of things.

    First up, are you running this from a home IP address (i.e. a broadband ISP)? If you are, you may be being blacklisted - check some of the well-known RBLs to be sure

    Secondly, to troubleshoot, can you telnet to port 25 on the IP address you're hosting mail from the outside world? That'll be the first port of call for troubleshooting inbound mail - if you can, try sending a test mail using EHLO - check this out for useful info (apologies if any of this is teaching you how to suck eggs!)
     
    Last edited: Sep 6, 2009
    Certifications: A few
    WIP: None - f*** 'em
  3. Sparky
    Highly Decorated Member Award

    Sparky Zettabyte Poster Moderator

    10,189
    296
    319
    As a quick test can you telnet onto mail.certforums.co.uk on port 25 from the Exchange server?

    Just checking to see if port 25 works outbound from your network.
     
    Certifications: MSc MCSE MCSA:M MCSA:S MCITP:EA MCTS(x5) Security+ Network+ A+
    WIP: Exchange 2007\2010
  4. Sparky
    Highly Decorated Member Award

    Sparky Zettabyte Poster Moderator

    10,189
    296
    319
    Also try a nslookup on your domain from an external DNS server.

    nslookup
    server <ip address of external DNS server>
    set type=mx
    yourdomain.com

    does it come back with mail.yourdomain.com as the first MX record?
     
    Certifications: MSc MCSE MCSA:M MCSA:S MCITP:EA MCTS(x5) Security+ Network+ A+
    WIP: Exchange 2007\2010
  5. Theprof

    Theprof Petabyte Poster Forum Leader

    4,570
    68
    196
    Thanks for getting back so quick... so I realized that I can't telnet through smtp on my exchange server... I did "telnet mail.certforums.co.uk 25" and got could not open connection to host on port 25: connect failed.

    I also did an nslookup:
    non-authoritive answer:
    mydomain.com MX preference = 10, mail exchanger = mail.mydomain.com
     
    Certifications: A+ | CCA | CCAA | Network+ | MCDST | MCSA | MCP (270, 271, 272, 290, 291) | MCTS (70-662, 70-663) | MCITP:EMA | VCA-DCV/Cloud/WM | VTSP | VCP5-DT | VCP5-DCV
    WIP: VCAP5-DCA/DCD | EMCCA
  6. Sparky
    Highly Decorated Member Award

    Sparky Zettabyte Poster Moderator

    10,189
    296
    319
    Ok, can you browse the web from the exchange server?

    Also can you telnet onto the Exchange server from the Exchange server? (I know this sounds daft but worth a try!)
     
    Last edited: Sep 6, 2009
    Certifications: MSc MCSE MCSA:M MCSA:S MCITP:EA MCTS(x5) Security+ Network+ A+
    WIP: Exchange 2007\2010
  7. craigie

    craigie Terabyte Poster

    3,020
    173
    155
    Apart from what those guys have said, also:

    Bear inmind that for DNS records to be updated this can sometimes take upto 4days depending on the TTL.

    What exactly are the error messages?

    Are you sending straight via DNS or are you going via a Smart Host?

    Can you connect to you exchange using OWA?

    Have you got an inbound rule from your Router/Firewall allowing inbound SMTP traffic?

    Check here for blacklists
     
    Last edited: Sep 6, 2009
    Certifications: CCA | CCENT | CCNA | CCNA:S | HP APC | HP ASE | ITILv3 | MCP | MCDST | MCITP: EA | MCTS:Vista | MCTS:Exch '07 | MCSA 2003 | MCSA:M 2003 | MCSA 2008 | MCSE | VCP5-DT | VCP4-DCV | VCP5-DCV | VCAP5-DCA | VCAP5-DCD | VMTSP | VTSP 4 | VTSP 5
  8. Theprof

    Theprof Petabyte Poster Forum Leader

    4,570
    68
    196
    yes I can browse the web

    Yes I can telnet from the server to itself by doing telnet 127.0.0.1 25

    Thanks.
     
    Certifications: A+ | CCA | CCAA | Network+ | MCDST | MCSA | MCP (270, 271, 272, 290, 291) | MCTS (70-662, 70-663) | MCITP:EMA | VCA-DCV/Cloud/WM | VTSP | VCP5-DT | VCP5-DCV
    WIP: VCAP5-DCA/DCD | EMCCA
  9. Sparky
    Highly Decorated Member Award

    Sparky Zettabyte Poster Moderator

    10,189
    296
    319
    Ok can you telnet onto the Exchange server from another device on the LAN? Not from a VM.
     
    Certifications: MSc MCSE MCSA:M MCSA:S MCITP:EA MCTS(x5) Security+ Network+ A+
    WIP: Exchange 2007\2010
  10. zebulebu

    zebulebu Terabyte Poster

    3,748
    330
    187
    Good point - could be the Windows Firewall on the Exchange server maybe?
     
    Certifications: A few
    WIP: None - f*** 'em
  11. Theprof

    Theprof Petabyte Poster Forum Leader

    4,570
    68
    196
    Well the error messages are: " message was rejected due to the current administrative policy by the destination server. Please retry at a later time."

    Yes I can connect to OWA.

    I did create a port forward rule for smtp, check the screenshot please.

    I did the blacklist check on my external IP and got everything OK except for CSMA, NOMOREFUNN, ORVEDB, RANGERSBL, RRBL.... I get a timeout....

    I am using a smart host which is my GoDaddy account... mail.mydomainname.com. I also tried with DNS and that didn't work.
     

    Attached Files:

    Certifications: A+ | CCA | CCAA | Network+ | MCDST | MCSA | MCP (270, 271, 272, 290, 291) | MCTS (70-662, 70-663) | MCITP:EMA | VCA-DCV/Cloud/WM | VTSP | VCP5-DT | VCP5-DCV
    WIP: VCAP5-DCA/DCD | EMCCA
  12. Sparky
    Highly Decorated Member Award

    Sparky Zettabyte Poster Moderator

    10,189
    296
    319
    Try and get port 25 working outbound first. Can you telnet outbound on port 25 from any other host on the LAN?
     
    Certifications: MSc MCSE MCSA:M MCSA:S MCITP:EA MCTS(x5) Security+ Network+ A+
    WIP: Exchange 2007\2010
  13. craigie

    craigie Terabyte Poster

    3,020
    173
    155
    Are you using Exchange 2003 or Exchange 2007?
     
    Certifications: CCA | CCENT | CCNA | CCNA:S | HP APC | HP ASE | ITILv3 | MCP | MCDST | MCITP: EA | MCTS:Vista | MCTS:Exch '07 | MCSA 2003 | MCSA:M 2003 | MCSA 2008 | MCSE | VCP5-DT | VCP4-DCV | VCP5-DCV | VCAP5-DCA | VCAP5-DCD | VMTSP | VTSP 4 | VTSP 5
  14. Theprof

    Theprof Petabyte Poster Forum Leader

    4,570
    68
    196
    Yes I can telnet to exchange on port 25 from another computer on lan that is not a vm...
     
    Certifications: A+ | CCA | CCAA | Network+ | MCDST | MCSA | MCP (270, 271, 272, 290, 291) | MCTS (70-662, 70-663) | MCITP:EMA | VCA-DCV/Cloud/WM | VTSP | VCP5-DT | VCP5-DCV
    WIP: VCAP5-DCA/DCD | EMCCA
  15. Sparky
    Highly Decorated Member Award

    Sparky Zettabyte Poster Moderator

    10,189
    296
    319
    Actually I think this is the problem. Take these DNS entries out.

    The reason why you can browse the web from the server is because its using the DNS of the server, I take it this is the LAN IP of the DC in the TCP\IP properties of the NIC?

    When you telnet on port 25 its using the DNS entries in the virtual SMTP server.

    Take the IPs out then restart the SMTP virtual server.
     
    Last edited: Sep 6, 2009
    Certifications: MSc MCSE MCSA:M MCSA:S MCITP:EA MCTS(x5) Security+ Network+ A+
    WIP: Exchange 2007\2010
  16. Theprof

    Theprof Petabyte Poster Forum Leader

    4,570
    68
    196
    It's exchange server 2003.
     
    Certifications: A+ | CCA | CCAA | Network+ | MCDST | MCSA | MCP (270, 271, 272, 290, 291) | MCTS (70-662, 70-663) | MCITP:EMA | VCA-DCV/Cloud/WM | VTSP | VCP5-DT | VCP5-DCV
    WIP: VCAP5-DCA/DCD | EMCCA
  17. craigie

    craigie Terabyte Poster

    3,020
    173
    155
    I think Sparky is right, the Reciepent Address policy should take care of the multiple domains mate.
     
    Certifications: CCA | CCENT | CCNA | CCNA:S | HP APC | HP ASE | ITILv3 | MCP | MCDST | MCITP: EA | MCTS:Vista | MCTS:Exch '07 | MCSA 2003 | MCSA:M 2003 | MCSA 2008 | MCSE | VCP5-DT | VCP4-DCV | VCP5-DCV | VCAP5-DCA | VCAP5-DCD | VMTSP | VTSP 4 | VTSP 5
  18. Theprof

    Theprof Petabyte Poster Forum Leader

    4,570
    68
    196
    I took out the DNS IP's restarted the Virtual SMTP server and that didn't work. I did the update recipient service and policy as well... then I rebooted the computer and still sits in the queue....
     
    Certifications: A+ | CCA | CCAA | Network+ | MCDST | MCSA | MCP (270, 271, 272, 290, 291) | MCTS (70-662, 70-663) | MCITP:EMA | VCA-DCV/Cloud/WM | VTSP | VCP5-DT | VCP5-DCV
    WIP: VCAP5-DCA/DCD | EMCCA
  19. Sparky
    Highly Decorated Member Award

    Sparky Zettabyte Poster Moderator

    10,189
    296
    319
    Have you created a SMTP connector? You dont need one but its the best way to go, create a new connector and bind it to your SMTP virtual server, you should just have to follow the default values.

    Edit: just noticed that you have. Are you routing email by DNS and not using the smarthost?
     
    Last edited: Sep 6, 2009
    Certifications: MSc MCSE MCSA:M MCSA:S MCITP:EA MCTS(x5) Security+ Network+ A+
    WIP: Exchange 2007\2010
  20. Theprof

    Theprof Petabyte Poster Forum Leader

    4,570
    68
    196
    I am using smarthost, it's mail.mydomainname.com
     
    Certifications: A+ | CCA | CCAA | Network+ | MCDST | MCSA | MCP (270, 271, 272, 290, 291) | MCTS (70-662, 70-663) | MCITP:EMA | VCA-DCV/Cloud/WM | VTSP | VCP5-DT | VCP5-DCV
    WIP: VCAP5-DCA/DCD | EMCCA

Share This Page

Loading...